QT/InvoiceShelf
1
0
Fork 0
mirror of https://github.com/InvoiceShelf/InvoiceShelf.git synced 2026-04-16 01:34:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Eliminate Company\CompaniesController, introduce owner role

Browse Source 
Redistribute methods:
- show() -> BootstrapController::currentCompany()
- store(), destroy(), userCompanies() -> Admin\CompaniesController
- transferOwnership() -> CompanySettingsController

Security fix: introduce 'owner' role for company-level admin, distinct
from 'super admin' which is now global platform admin only.
- CompanyService::setupRoles() creates 'owner' role per company
- Company creation assigns scoped 'owner' role instead of global 'super admin'
- Seeders updated to assign 'owner'

Migration renames all existing company-scoped 'super admin' roles to
'owner' and ensures every company owner has the role assigned.
This commit is contained in:
Darko Gjorgjijoski
2026-04-03 22:33:56 +02:00
parent 5912995164
commit 00d5abae5f
10 changed files with 151 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
app/Http/Controllers/Company/Settings/CompanySettingsController.php
View File

@@ -7,9 +7,11 @@ use App\Http\Requests\GetSettingsRequest;
use App\Http\Requests\UpdateSettingsRequest;
use App\Models\Company;
use App\Models\CompanySetting;
use App\Models\User;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Arr;
use Silber\Bouncer\BouncerFacade;
class CompanySettingsController extends Controller
{
@@ -55,4 +57,25 @@ class CompanySettingsController extends Controller
'has_transactions' => $company->hasTransactions(),
]);
}
public function transferOwnership(Request $request, User $user): JsonResponse
{
$company = Company::find($request->header('company'));
$this->authorize('transfer company ownership', $company);
if (! $user->hasCompany($company->id)) {
return response()->json([
'success' => false,
'message' => 'User does not belong to this company.',
]);
}
$company->update(['owner_id' => $user->id]);
BouncerFacade::scope()->to($company->id);
BouncerFacade::sync($user)->roles(['owner']);
return response()->json([
'success' => true,
]);
}
}